Commit 0159a230 authored by segfault's avatar segfault

Greeter: Move settings files to /var/lib/gdm3/settings (refs: #17136)

To make it easier to persist all of these settings.
parent ef8dc7b5
...@@ -7,9 +7,9 @@ ...@@ -7,9 +7,9 @@
# ===== # =====
# #
# * /etc/live/config.d/username.conf : $LIVE_USERNAME # * /etc/live/config.d/username.conf : $LIVE_USERNAME
# * /var/lib/gdm3/tails.locale : $TAILS_LOCALE_NAME, $TAILS_XKBMODEL, # * /var/lib/gdm3/settings/tails.locale : $TAILS_LOCALE_NAME, $TAILS_XKBMODEL,
# $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT, $TAILS_XKBOPTIONS, $CODESET # $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT, $TAILS_XKBOPTIONS, $CODESET
# * /var/lib/gdm3/tails.password : $TAILS_USER_PASSWORD # * /var/lib/gdm3/settings/tails.password : $TAILS_USER_PASSWORD
# For whatever reason, /usr/sbin (needed by at least chpasswd) # For whatever reason, /usr/sbin (needed by at least chpasswd)
# is not in our PATH # is not in our PATH
...@@ -76,7 +76,7 @@ log "tails-unblock-network has exited (status=$?)." ...@@ -76,7 +76,7 @@ log "tails-unblock-network has exited (status=$?)."
### Localization ### Localization
# Import locale name # Import locale name
. /var/lib/gdm3/tails.locale || log_n_exit "Locale file not found." . /var/lib/gdm3/settings/tails.locale || log_n_exit "Locale file not found."
if [ -z "${TAILS_LOCALE_NAME}" ] ; then if [ -z "${TAILS_LOCALE_NAME}" ] ; then
log_n_exit "Locale variable not found." log_n_exit "Locale variable not found."
fi fi
...@@ -112,12 +112,12 @@ EOF ...@@ -112,12 +112,12 @@ EOF
### Password ### Password
# Import password for superuser access # Import password for superuser access
if [ -e /var/lib/gdm3/tails.password ] ; then if [ -e /var/lib/gdm3/settings/tails.password ] ; then
. /var/lib/gdm3/tails.password . /var/lib/gdm3/settings/tails.password
fi fi
# Remove password file # Remove password file
rm --interactive=never -f /var/lib/gdm3/tails.password rm --interactive=never -f /var/lib/gdm3/settings/tails.password
# Check if password is actually set # Check if password is actually set
if [ -z "${TAILS_USER_PASSWORD}" ] ; then if [ -z "${TAILS_USER_PASSWORD}" ] ; then
......
...@@ -5,7 +5,7 @@ Documentation=https://tails.boum.org/contribute/design/MAC_address/ ...@@ -5,7 +5,7 @@ Documentation=https://tails.boum.org/contribute/design/MAC_address/
[Service] [Service]
Type=oneshot Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
EnvironmentFile=/var/lib/gdm3/tails.network EnvironmentFile=/var/lib/gdm3/settings/tails.network
# It's important we "export" the settings from tails.macspoof before # It's important we "export" the settings from tails.macspoof before
# unblocking the network; doing so will make the user-set MAC spoofing # unblocking the network; doing so will make the user-set MAC spoofing
...@@ -14,8 +14,8 @@ EnvironmentFile=/var/lib/gdm3/tails.network ...@@ -14,8 +14,8 @@ EnvironmentFile=/var/lib/gdm3/tails.network
ExecStartPre=/bin/sh -c \ ExecStartPre=/bin/sh -c \
'for setting in macspoof network; do \ 'for setting in macspoof network; do \
/usr/bin/install -m 0640 -o root -g root \ /usr/bin/install -m 0640 -o root -g root \
"/var/lib/gdm3/tails.$setting" \ "/var/lib/gdm3/settings/tails.$setting" \
"/var/lib/live/config/tails.$setting" ; \ "/var/lib/live/config/tails.$setting" ; \
done' done'
ExecStartPre=/bin/sync ExecStartPre=/bin/sync
ExecStartPre=/bin/sh -c \ ExecStartPre=/bin/sh -c \
......
...@@ -32,17 +32,20 @@ supported_locales_path = os.path.join(data_path, 'supported_locales') ...@@ -32,17 +32,20 @@ supported_locales_path = os.path.join(data_path, 'supported_locales')
# System locales directory # System locales directory
system_locale_dir = '/usr/share/locale/' system_locale_dir = '/usr/share/locale/'
# Directory where the Greeter settings are stored
settings_dir = '/var/lib/gdm3/settings'
# File where session locale settings are stored # File where session locale settings are stored
locale_output_path = '/var/lib/gdm3/tails.locale' locale_setting_path = os.path.join(settings_dir, 'tails.locale')
# File where the session sudo password is stored # File where the session sudo password is stored
admin_password_output_path = '/var/lib/gdm3/tails.password' admin_password_path = os.path.join(settings_dir, 'tails.password')
# World-readable file where Tails persistence status is stored
persistence_state_file = '/var/lib/live/config/tails.persistence'
# File where the network setting is stored # File where the network setting is stored
network_setting = '/var/lib/gdm3/tails.network' network_setting_path = os.path.join(settings_dir, 'tails.network')
# File where the MAC address spoofing setting is stored # File where the MAC address spoofing setting is stored
macspoof_setting = '/var/lib/gdm3/tails.macspoof' macspoof_setting_path = os.path.join(settings_dir, 'tails.macspoof')
# World-readable file where Tails persistence status is stored
persistence_state_file = '/var/lib/live/config/tails.persistence'
...@@ -20,7 +20,9 @@ ...@@ -20,7 +20,9 @@
import gi import gi
import logging import logging
import os
from tailsgreeter.config import settings_dir
from tailsgreeter.gdmclient import GdmClient from tailsgreeter.gdmclient import GdmClient
from tailsgreeter.settings import localization from tailsgreeter.settings import localization
from tailsgreeter.settings.admin import AdminSetting from tailsgreeter.settings.admin import AdminSetting
...@@ -60,6 +62,9 @@ class GreeterApplication(object): ...@@ -60,6 +62,9 @@ class GreeterApplication(object):
"/org/gnome/SessionManager", "/org/gnome/SessionManager",
"org.gnome.SessionManager") "org.gnome.SessionManager")
# Create the settings directory
os.makedirs(settings_dir, mode=0o700, exist_ok=True)
# Load models # Load models
self.gdmclient = GdmClient(session_opened_cb=self.close_app) self.gdmclient = GdmClient(session_opened_cb=self.close_app)
......
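Review bot: `os.makedirs(settings_dir, mode=0o700, exist_ok=True)` applies the mode only when it actually creates the directory; with `exist_ok=True` an already existing `settings_dir` keeps whatever mode and owner it has, and nothing here checks them. The setting classes in this commit create their files with `open(..., 'w')` and only then call `os.chmod(..., 0o600)`, so the directory mode is what protects the files during that window. Adding `os.chmod(settings_dir, 0o700)` right after the `makedirs` call would make the guarantee hold in the already-exists case too, which is presumably what a persisted directory would look like. The enclosing method starts and ends outside this hunk.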
...@@ -14,7 +14,7 @@ class AdminSetting(object): ...@@ -14,7 +14,7 @@ class AdminSetting(object):
self.password = None self.password = None
def apply_to_upcoming_session(self): def apply_to_upcoming_session(self):
setting_file = tailsgreeter.config.admin_password_output_path setting_file = tailsgreeter.config.admin_password_path
if self.password: if self.password:
with open(setting_file, 'w') as f: with open(setting_file, 'w') as f:
......
...@@ -53,8 +53,8 @@ class LocalisationSettings(object): ...@@ -53,8 +53,8 @@ class LocalisationSettings(object):
self._usermanager_loaded_cb() self._usermanager_loaded_cb()
def apply_to_upcoming_session(self): def apply_to_upcoming_session(self):
with open(tailsgreeter.config.locale_output_path, 'w') as f: with open(tailsgreeter.config.locale_setting_path, 'w') as f:
os.chmod(tailsgreeter.config.locale_output_path, 0o600) os.chmod(tailsgreeter.config.locale_setting_path, 0o600)
f.write('TAILS_LOCALE_NAME=%s\n' % self.language.get_value()) f.write('TAILS_LOCALE_NAME=%s\n' % self.language.get_value())
f.write('TAILS_FORMATS=%s\n' % self.formats.get_value()) f.write('TAILS_FORMATS=%s\n' % self.formats.get_value())
......
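Review bot: `TAILS_LOCALE_NAME` and `TAILS_FORMATS` are written with a plain `%s`, although the shell script on this page imports this file with `. /var/lib/gdm3/settings/tails.locale`, so everything after the `=` is parsed as shell syntax, apparently by a script running as root according to the greeter notes. The MAC-spoofing and network settings in the same commit already pass their values through `pipes.quote`; doing the same here, e.g. `f.write('TAILS_LOCALE_NAME=%s\n' % shlex.quote(self.language.get_value()))`, keeps a stray space or metacharacter in a value from being interpreted. Whether `get_value()` can return anything outside a fixed locale list is not visible here, and `shlex` would need an import at the top of the file, which the hunk does not show. The method continues past the end of the hunk, so the remaining `f.write` lines should get the same treatment.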
...@@ -12,7 +12,7 @@ class MacSpoofSetting(object): ...@@ -12,7 +12,7 @@ class MacSpoofSetting(object):
self.value = True self.value = True
def apply_to_upcoming_session(self): def apply_to_upcoming_session(self):
setting_file = tailsgreeter.config.macspoof_setting setting_file = tailsgreeter.config.macspoof_setting_path
with open(setting_file, 'w') as f: with open(setting_file, 'w') as f:
os.chmod(setting_file, 0o600) os.chmod(setting_file, 0o600)
f.write("TAILS_MACSPOOF_ENABLED=%s\n" % pipes.quote(str(self.value)).lower()) f.write("TAILS_MACSPOOF_ENABLED=%s\n" % pipes.quote(str(self.value)).lower())
......
...@@ -16,7 +16,7 @@ class NetworkSetting(object): ...@@ -16,7 +16,7 @@ class NetworkSetting(object):
self.value = self.NETCONF_DIRECT self.value = self.NETCONF_DIRECT
def apply_to_upcoming_session(self): def apply_to_upcoming_session(self):
setting_file = tailsgreeter.config.network_setting setting_file = tailsgreeter.config.network_setting_path
with open(setting_file, 'w') as f: with open(setting_file, 'w') as f:
os.chmod(setting_file, 0o600) os.chmod(setting_file, 0o600)
f.write("TAILS_NETCONF=%s\n" % pipes.quote(self.value)) f.write("TAILS_NETCONF=%s\n" % pipes.quote(self.value))
......
...@@ -4,7 +4,7 @@ set -e ...@@ -4,7 +4,7 @@ set -e
set -u set -u
set -x set -x
CONFIG_FILE=/var/lib/gdm3/tails.network CONFIG_FILE=/var/lib/gdm3/settings/tails.network
NET_MODULES_BLACKLIST=/etc/modprobe.d/all-net-blacklist.conf NET_MODULES_BLACKLIST=/etc/modprobe.d/all-net-blacklist.conf
# Import the TAILS_NETCONF variable # Import the TAILS_NETCONF variable
......
...@@ -37,7 +37,7 @@ When talking about language support in greeter it is important to distinguish be ...@@ -37,7 +37,7 @@ When talking about language support in greeter it is important to distinguish be
The available locales dynamically populated into list. Once language is chosen corresponding translation is applied to the widget (if available) but actual locale generation is handled by external script which is activated by GDM on logon. The available locales dynamically populated into list. Once language is chosen corresponding translation is applied to the widget (if available) but actual locale generation is handled by external script which is activated by GDM on logon.
N. B. TailsGreeter is executed under Debian-gdm user while locale generation requires root access which is available for PostLogin script. This makes very inconvenient usage of env. variables for parameter transfer. That's why parameters to PostLogin script are supplied via temporary files in /var/lib/gdm3/tails.* N. B. TailsGreeter is executed under Debian-gdm user while locale generation requires root access which is available for PostLogin script. This makes very inconvenient usage of env. variables for parameter transfer. That's why parameters to PostLogin script are supplied via temporary files in /var/lib/gdm3/settings/tails.*
## Additional notes: ## Additional notes:
......
...@@ -269,7 +269,7 @@ the [[!tails_ticket 5496 desc="Welcome Screen"]] (aka. *tails-greeter*). ...@@ -269,7 +269,7 @@ the [[!tails_ticket 5496 desc="Welcome Screen"]] (aka. *tails-greeter*).
* runs `live-persist` to set up persistent data where it belong * runs `live-persist` to set up persistent data where it belong
* pass information to the user session (at least * pass information to the user session (at least
`tails-persistence-setup` needs information) through shell variables `tails-persistence-setup` needs information) through shell variables
set in `/var/lib/gdm3/tails.persistence` set in `/var/lib/gdm3/settings/tails.persistence`
backend / tails-greeter interface backend / tails-greeter interface
--------------------------------- ---------------------------------
......